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CLAIMS 

What is claimed is: 

5 

1. A method for management of a distributed data 

processing system, wherein the distributed data processing 

system is managed on behalf of a plurality of management 

customers, the method comprising: 
10 representing the distributed data processing system as 

a set of scopes, wherein a scope comprises a logical 

organization of network-related objects; 

associating each scope with a management customer, 

wherein each scope is uniquely assigned to a management 
15 customer, wherein each scope is uniquely associated with a 

set of configuration parameters for managing each scope; 

managing the distributed data processing system as a 

set of logical networks, wherein a logical network comprises 

a set of scopes, and wherein each logical network is 
20 uniquely assigned to a management customer; and 

allowing an administrative user to dynamically 

reconfigure logical networks within the distributed data 

processing system. 

25 2. The method of claim 1 further comprising: 

dynamically reconfiguring the distributed data 
processing system to introduce a new scope by logically 
dividing a pre-existing scope. 

30 3. The method of claim 2 wherein the new scope is 

introduced without physically introducing a new network, 
system, or endpoint to the distributed data processing 
system. 
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4. The method of claim 1 further comprising: 
dynamically reconfiguring the distributed data 

processing system by logically moving a scope between 
5 management customers. 

5. The method of claim 1 further comprising: 
dynamically reconfiguring the distributed data 

processing system to introduce a new management customer. 

10 

6. The method of claim 5 wherein the new management 
customer is introduced without physically introducing a new 
network, system, or endpoint to the distributed data 
processing system. 

15 

7. The method of claim 1 further comprising: 
dynamically discovering endpoints, systems, and 

networks within the distributed data processing system; 

correspondingly representing endpoints, systems, and 
20 networks within the distributed data processing system as a 
set of endpoint objects, system objects, and network 
objects; and 

logically organizing the endpoint objects, system 
objects, and network objects within a set of scopes, wherein 
25 each endpoint object, each system object, and each network 
object is uniquely assigned to a scope such that scopes do 
not logically overlap. 

8. The method of claim 7 wherein dynamic discovery is 
30 limited to a scope assigned to a particular management 

customer . 



9. The method of claim 1 further comprising: 
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determining whether to allow a reconfiguration 
operation requested by an administrative user in accordance 
with security authorization parameters associated with an 
administrative user. 

10. The method of claim 9 further comprising: 

limiting reconfiguration operations requested by an 
administrative user to scopes assigned to a particular 
management customer . 
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11. An apparatus for management of a distributed data 
processing system, wherein the distributed data processing 
system is managed on behalf of a plurality of management 
customers, the apparatus comprising: 

5 means for representing the distributed data processing 

system as a set of scopes, wherein a scope comprises a 

logical organization of network-related objects; 

means for associating each scope with a management 

customer, wherein each scope is uniquely assigned to a 
10 management customer, wherein each scope is uniquely 

associated with a set of configuration parameters for 

managing each scope; 

means for managing the distributed data processing 

system as a set of logical networks, wherein a logical 
15 network comprises a set of scopes, and wherein each logical 

network is uniquely assigned to a management customer; and 
means for allowing an administrative user to 

dynamically reconfigure logical networks within the 

distributed data processing system. 

20 

12. The apparatus of claim 11 further comprising: 
means for dynamically reconfiguring the distributed 

data processing system to introduce a new scope by logically 
dividing a pre-existing scope. 

25 

13. The apparatus of claim 12 wherein the new scope is 
introduced without physically introducing a new network, 
system, or endpoint to the distributed data processing 
system. 



30 



AUS920010375US1 

79 

14. The apparatus of claim 11 further comprising: 
means for dynamically reconfiguring the distributed 

data processing system by logically moving a scope between 
management customers . 

5 

15. The apparatus of claim 11 further comprising: 
means for dynamically reconfiguring the distributed 

data processing system to introduce a new management 
customer. 

10 

16. The apparatus of claim 15 wherein the new management 
customer is introduced without physically introducing a new 
network, system, or endpoint to the distributed data 
processing system. 

15 

17. The apparatus of claim 11 further comprising: 

means for dynamically discovering endpoint s, systems, 
and networks within the distributed data processing system; 

means for correspondingly representing endpoint s, 
20 systems, and networks within the distributed data processing 
system as a set of endpoint objects, system objects, and 
network objects; and 

means for logically organizing the endpoint objects, 
system objects, and network objects within a set of scopes, 
25 wherein each endpoint object, each system object, and each 
network object is uniquely assigned to a scope such that 
scopes do not logically overlap. 

18. The apparatus of claim 17 wherein dynamic discovery is 
30 limited to a scope assigned to a particular management 

customer. 



19. The apparatus of claim 11 further comprising: 
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means for determining whether to allow a 
reconfiguration operation requested by an administrative 
user in accordance with security authorization parameters 
associated with an administrative user. 

20. The apparatus of claim 19 further comprising: 

means for limiting reconfiguration operations requested 
by an administrative user to scopes assigned to a particular 
management customer . 
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21. A computer program product on a computer readable 
medium for use in managing a distributed data processing 
system, wherein the distributed data processing system is 
managed on behalf of a plurality of management customers, 

5 the computer program product comprising: 

instructions for representing the distributed data 
processing system as a set of scopes, wherein a scope 
comprises a logical organization of network-related objects; 
instructions for associating each scope with a 
10 management customer, wherein each scope is uniquely assigned 
to a management customer, wherein each scope is uniquely 
associated with a set of configuration parameters for 
managing each scope; 

instructions for managing the distributed data 
15 processing system as a set of logical networks, wherein a 

logical network comprises a set of scopes, and wherein each 
logical network is uniquely assigned to a management 
customer; and 

instructions for allowing an administrative user to 
20 dynamically reconfigure logical networks within the 
distributed data processing system. 

22. The computer program product of claim 21 further 
comprising : 

25 instructions for dynamically reconfiguring the 

distributed data processing system to introduce a new scope 
by logically dividing a pre-existing scope. 

23. The computer program product of claim 22 wherein the 

30 new scope is introduced without physically introducing a new 
network, system, or endpoint to the distributed data 
processing system. 
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24. The computer program product of claim 21 further 
comprising: 

instructions for dynamically reconfiguring the 
distributed data processing system by logically moving a 
5 scope between management customers. 

25. The computer program product of claim 21 further 
comprising: 

instructions for dynamically reconfiguring the 
10 distributed data processing system to introduce a new 
management customer. 

26. The computer program product of claim 25 wherein the 
new management customer is introduced without physically 

15 introducing a new network, system, or endpoint to the 
distributed data processing system. 

27. The computer program product of claim 21 further 
comprising: 

20 instructions for dynamically discovering endpoints, 

systems, and networks within the distributed data processing 
system; 

instructions for correspondingly representing 
endpoints, systems, and networks within the distributed data 
25 processing system as a set of endpoint objects, system 
objects, and network objects; and 

instructions for logically organizing the endpoint 
objects, system objects, and network objects within a set of 
scopes, wherein each endpoint object, each system object, 
30 and each network object is uniquely assigned to a scope such 
that scopes do not logically overlap. 
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28. The computer program product of claim 27 wherein 
dynamic discovery is limited to a scope assigned to a 
particular management customer. 

5 29. The computer program product of claim 21 further 
comprising: 

instructions for determining whether to allow a 
reconfiguration operation requested by an administrative 
user in accordance with security authorization parameters 
10 associated with an administrative user. 

30. The computer program product of claim 29 further 
comprising: 

instructions for limiting reconfiguration operations 
15 requested by an administrative user to scopes assigned to a 
particular management customer. 



